Closed
Bug 572774
Opened 14 years ago
Closed 14 years ago
NULL deref in ecma/GlobalObject/15.1-2-n.js, browser only
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
FIXED
People
(Reporter: jorendorff, Assigned: gal)
References
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file, 1 obsolete file)
2.46 KB, patch
This stack has some extra patches applied on top of tip, but the bug is in tip.

(gdb) bt
#0  0x00cd4728 in JSObject::getClass (this=0x0) at ../../dist/include/jsobj.h:270
#1  0x010e3dcd in XPCWrapper::UnwrapGeneric (cx=0xb2132400, xclasp=0x1fa8f00, wrapper=((JSObject *) NULL)) at /home/jorendorff/dev/tracemonkey/js/src/xpconnect/src/XPCWrapper.h:348
#2  0x010fd271 in GetWrappedObject (cx=0xb2132400, wrapper=((JSObject *) NULL)) at /home/jorendorff/dev/tracemonkey/js/src/xpconnect/src/XPCCrossOriginWrapper.cpp:142
#3  0x010ffd96 in XPC_XOW_Call (cx=0xb2132400, obj=((JSObject *) NULL), argc=0, argv=0xb5efe124, rval=0xb5efe168) at /home/jorendorff/dev/tracemonkey/js/src/xpconnect/src/XPCCrossOriginWrapper.cpp:1086
#4  0x020ca7d6 in js_Call (cx=0xb2132400, obj=((JSObject *) NULL), argc=0, argv=0xb5efe124, rval=0xb5efe168) at /home/jorendorff/dev/tracemonkey/js/src/jsobj.cpp:5614
#5  0x020acb9c in js::callJSNative (cx=0xb2132400, native=0x20ca738 <js_Call>, thisobj=((JSObject *) NULL), argc= 0, argv=0xb5efe124, rval=0xb5efe168) at /home/jorendorff/dev/tracemonkey/js/src/jscntxtinlines.h:321
#6  0x020aa561 in Invoke (cx=0xb2132400, fun=0x0, script=0x0, native=0x20ca738 <js_Call>, args=..., flags=0) at /home/jorendorff/dev/tracemonkey/js/src/jsinterp.cpp:551
#7  0x020aab46 in js_Invoke (cx=0xb2132400, args=..., flags=0) at /home/jorendorff/dev/tracemonkey/js/src/jsinterp.cpp:678
#8  0x02098aac in js_Interpret (cx=0xb2132400) at /home/jorendorff/dev/tracemonkey/js/src/jsops.cpp:2156
#9  0x020ab241 in js_Execute (cx=0xb2132400, chain=0xb0115820, script=0xaf4a5a60, down=0xb5efe024, flags=16, result=0xb5efe0a0) at /home/jorendorff/dev/tracemonkey/js/src/jsinterp.cpp:855
#10 0x020be787 in obj_eval (cx=0xb2132400, argc=1, vp=0xb5efe0a0) at /home/jorendorff/dev/tracemonkey/js/src/jsobj.cpp:1353
#11 0x02098920 in js_Interpret (cx=0xb2132400) at /home/jorendorff/dev/tracemonkey/js/src/jsops.cpp:2146
#12 0x020ab241 in js_Execute (cx=0xb2132400, chain=0xb0115820, script=0xaf0baaa0, down=0x0, flags=0, result=0x0) at /home/jorendorff/dev/tracemonkey/js/src/jsinterp.cpp:855
#13 0x0201b839 in JS_EvaluateUCScriptForPrincipals (cx=0xb2132400, obj=((JSObject *) 0xb0115820) [object Window], principals=0xafe95b04, chars= ((jschar *) 0xaca40008) '/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */\x0a/* ***** BEGIN LICENSE BLOCK *****\x0a * Version: MPL......
(and browser frames after that)
Assignee
Comment 1•14 years ago
Assignee: general → gal
Assignee
Comment 2•14 years ago
Attachment #451987 - Attachment is obsolete: true
Reporter
Comment 3•14 years ago
Landed with some style nits picked. http://hg.mozilla.org/tracemonkey/rev/37b09e487d80
Whiteboard: fixed-in-tracemonkey
Comment 4•14 years ago
http://hg.mozilla.org/mozilla-central/rev/37b09e487d80
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED